b'         Audit Report\n\n\n\n\n   OIG-06-044\n\n   FOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of\n   OFAC Compliance Was Hampered by Limited Documentation\n\n   September 26, 2006\n\n\n\n\nOffice of\nInspector General\nDepartment of the Treasury\n\x0c\x0cContents\n\n\nAudit Report....................................................................................................1\n\n    Results in Brief...............................................................................................2\n\n    Background .......................................................................... \xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa64\n\n    Audit Results ........................... \xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa67\n\n    Recommendations ........................................................................................12\n\n\nAppendices\n\n    Appendix 1: Objective, Scope, and Methodology .............................................14\n    Appendix 2: Bank Secrecy Act/Anti-Money Laundering Examination Manual\n                Excerpt \xe2\x80\x93 Core Examination Procedures ........................................16\n    Appendix 3: Management Response ...............................................................20\n    Appendix 4: Major Contributors to this Report .................................................22\n    Appendix 5: Report Distribution .....................................................................23\n\n\nAbbreviations\n\n    AML              Anti-Money Laundering\n    BSA              Bank Secrecy Act\n    FFIEC            Federal Financial Institutions Examination Council\n    OFAC             Office of Foreign Assets Control\n    OIG              Office of Inspector General\n    OTS              Office of Thrift Supervision\n\n\n\n\n                         FOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC                         Page i\n                         Compliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0c        This page intentionally left blank.\n\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC     Page ii\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0c                                                                                      Audit\nOIG\nThe Department of the Treasury\n                                                                                      Report\nOffice of Inspector General\n\n\n\n\n                      September 26, 2006\n\n                      John M. Reich\n                      Director\n                      Office of Thrift Supervision\n\n                      As a follow-up to a previous OIG report,1 we conducted an audit of\n                      the Office of Foreign Assets Control\xe2\x80\x99s (OFAC) administration and\n                      enforcement of economic sanctions against targeted foreign\n                      countries, individuals, and groups. OFAC acts under presidential\n                      wartime and national emergency powers, as well as authority\n                      granted by specific legislation, to impose controls on transactions\n                      and freeze foreign assets under US jurisdiction. OFAC sanctions are\n                      enforced largely by financial institutions. Because OFAC is legally\n                      limited in its ability to monitor financial institutions\xe2\x80\x99 compliance\n                      with foreign sanction requirements,2 it depends on financial\n                      institution regulators, such as the Office of Thrift Supervision\n                      (OTS), to ensure that financial institutions comply with OFAC\n                      requirements. Accordingly, as part of our OFAC audit, we tested\n                      regulator oversight of OFAC compliance for a sample of financial\n                      institutions to determine whether OFAC\xe2\x80\x99s foreign sanctions\n                      programs were being effectively administered. This report presents\n                      the results of the review we conducted of OTS compliance\n                      examinations.\n\n                      We conducted our audit from January to September 2005 in\n                      accordance with generally accepted government auditing\n                      standards. A more detailed description of our objective, scope, and\n                      methodology is included in appendix 1.\n\n1\n  FOREIGN ASSETS CONTROL: OFAC\xe2\x80\x99s Ability to Monitor Financial Institution Compliance Is Limited\nDue to Legislative Impairments, (OIG-02-082, April 26, 2002).\n2\n  Section 3412 (d) of the Right to Financial Privacy Act (12 U.S.C. 3401) allows supervisory agencies\nto exchange examination information with other supervisory agencies. OFAC is not included in the act\xe2\x80\x99s\nlist of supervisory agencies [\xc2\xa7 3401(7)].\n\n\n\n\n                      FOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC               Page 1\n                      Compliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0cResults in Brief\n                          OTS\xe2\x80\x99s OFAC examination work papers did not provide us with\n                          assurance that federal and state-chartered thrift institutions3 were\n                          adequately reviewing or effectively administering OFAC\xe2\x80\x99s foreign\n                          sanctions programs. From a sample of 12 OTS thrift examinations\n                          conducted from fiscal years 2002 through 2004, we found, for\n                          every examination, one or more instances in which documentation\n                          was insufficient to verify that examiners adequately assessed\n                          OFAC program compliance. Specifically, the OTS examination work\n                          papers did not always contain sufficient documentary evidence to\n                          demonstrate that examiners fully assessed\n                              \xe2\x80\xa2   policies and procedures for the OFAC compliance program,\n                              \xe2\x80\xa2   internal audit results for possible OFAC program concerns,\n                                  and\n                              \xe2\x80\xa2   OFAC penalty or warning notices that had been sent to\n                                  thrifts.\n                          Although we conducted a limited review of only 12 thrift\n                          examinations, we believe, based on discussions with OTS officials,\n                          that a larger sample would have produced similar results. OTS\n                          officials agreed but noted that documentation of OFAC\n                          examinations is generally minimal unless a problem is noted. OTS\n                          examination work papers are \xe2\x80\x9cexception-based\xe2\x80\x9d and if an examiner\n                          concludes that an institution is OFAC-compliant, there is no\n                          requirement that the examiner maintain copies of documentation to\n                          support that conclusion. We believe, however, that this policy\n                          makes it difficult to assess the adequacy of examinations and\n                          creates inconsistency in how program results are documented.\n\n                          For the period under review, OTS had only limited guidance for\n                          conducting and documenting OFAC compliance examinations.\n                          However, OTS issued the Examination Handbook in November\n                          20044 and new guidance in March and April 2005 that clarified and\n\n3\n    A thrift institution is the general term for savings banks, and savings and loan associations.\n4\n    OTS updated the Examination Handbook in July 2005.\n\n\n\n\n                          FOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC                Page 2\n                          Compliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0c                       expanded the procedures that OTS examiners are to follow during\n                       compliance examinations. These documents were the first updates\n                       on conducting OFAC compliance examinations that OTS had issued\n                       since 1999.\n\n                       In addition, in June 2005, the Federal Financial Institutions\n                       Examination Council (FFIEC),5 of which OTS is a member, issued\n                       the Bank Secrecy Act/Anti-Money Laundering Examination Manual,\n                       which contains uniform financial institution regulator examination\n                       procedures that deal with Bank Secrecy Act/anti-money laundering\n                       (BSA/AML) compliance. Examination procedures for OFAC\n                       compliance are included in the manual.\n\n                       Later in this report, we discuss our concerns about OTS\n                       examinations of thrifts\xe2\x80\x99 compliance with OFAC. If OTS examiners\n                       follow the OTS Examination Handbook, recent OTS guidance\n                       related to OFAC compliance examinations, and the FFIEC Bank\n                       Secrecy Act/Anti-Money Laundering Examination Manual\n                       (BSA/AML Examination Manual), our concerns about OTS\n                       compliance examinations should be alleviated.\n\n                       We are making recommendations to OTS to ensure that examiners\n                       use the (1) pertinent policies and procedures in the FFIEC Bank\n                       Secrecy Act/Anti-Money Laundering Manual and in the OTS\n                       Examination Handbook and policy directives when examining thrifts\n                       for OFAC compliance, and (2) OFAC scoping and planning\n                       procedures from the FFIEC Bank Secrecy Act/ Anti-Money\n                       Laundering Examination Manual to document the OFAC procedures\n                       performed and include the procedures and the basis for OFAC\n                       conclusions in the workpapers.\n\n\n\n5\n  FFIEC, established under title X of the Financial Institutions Regulatory and Interest Rate Control Act\nof 1978, is a formal interagency body empowered to prescribe uniform principles, standards, and report\nforms for the examination of financial institutions by federal regulators. The members of FFIEC, in\naddition to OTS, are the Office of the Comptroller of the Currency, the Federal Deposit Insurance\nCorporation, the Board of Governors of the Federal Reserve System, and the National Credit Union\nAdministration.\n\n\n\n\n                       FOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC                 Page 3\n                       Compliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0c             OTS concurred with our recommendations. OTS said in its\n             response that examinations since August 2005 have included an\n             OFAC compliance component that follows the applicable policies\n             and procedures in the BSA/AML Examination Manual, the OTS\n             Examination Handbook, and OTS policies and procedures. With\n             regard to documenting work performed, OTS also plans to issue\n             and implement examiner guidance to enhance OFAC procedures in\n             the fourth calendar quarter of 2006.\n\nBackground\n             OFAC\xe2\x80\x99s Mission and Sanctions Programs\n\n             The mission of OFAC, an office within the Department of the\n             Treasury, is to administer and enforce economic and trade\n             sanctions based on U.S. foreign policy and national security goals\n             against targeted foreign countries, terrorists, international narcotics\n             traffickers, and those engaged in activities related to the\n             proliferation of weapons of mass destruction. All U.S. persons,\n             including U.S. banks, bank holding companies, and nonbank\n             subsidiaries, must comply with OFAC regulations.\n\n             OFAC publishes a list of individuals and companies owned or\n             controlled by, or acting for or on behalf of, targeted countries. The\n             list also contains individuals, groups and entities, such as terrorists\n             and drug traffickers. Collectively, such individuals, and entities are\n             called \xe2\x80\x9cSpecially Designated Nationals\xe2\x80\x9d or \xe2\x80\x9cSDNs.\xe2\x80\x9d\n\n             OFAC regulations involve blocking accounts and other assets of the\n             specified countries, entities, and individuals and rejecting financial\n             transactions with specified countries, entities, and individuals.\n             OFAC has the authority to impose civil monetary penalties against\n             financial institutions for failure to block or reject prohibited\n             transactions.\n\n             OFAC sanctions can reach into virtually all areas of banking\n             operations. Therefore, banks need to consider all types of\n\n\n\n\n             FOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC       Page 4\n             Compliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0ctransactions, products, and services when they conduct risk\nassessments and establish appropriate policies and procedures.\n\nOTS Role in Ensuring Thrifts\xe2\x80\x99 Compliance with OFAC Regulations\n\nOTS\xe2\x80\x99s mission is to supervise thrifts, and their holding companies,\nin order to maintain their safety and soundness and assure\ncompliance with consumer laws, as well as to encourage a\ncompetitive industry that meets U.S. financial services needs. As\nof June 2006, OTS regulated 854 thrifts with total assets of $1.53\ntrillion.\n\nIn its examinations of thrifts, OTS evaluates their OFAC compliance\nprograms. However, none of the laws that authorize sanctions for\nOFAC violations contain specific language that delegates\nadministrative enforcement responsibility to any of the financial\ninstitution regulatory agencies, including OTS. Consequently,\nOTS\xe2\x80\x99s OFAC enforcement responsibilities fall under its general\nexamination responsibility to ensure that thrifts are following\napplicable laws and regulations.\n\nFinancial institutions, including thrifts, are not required by a specific\nregulation to establish an OFAC compliance program. Nonetheless,\nOTS has recommended that thrifts establish and maintain effective\nOFAC programs as a matter of good banking practice. If an OTS\nexaminer determines that a thrift\xe2\x80\x99s OFAC compliance program is\ninadequate, the examiner would consider citing the thrift for an\nunsafe or unsound banking practice.\n\nOTS Examination Guidelines for OFAC Compliance\n\nOn April 11, 2002, the director of OTS announced an initiative to\nimprove the examination process by combining the safety and\nsoundness and the compliance examination functions. Instead of\nhaving two separate teams (safety and soundness and\ncompliance), each performing its own examination and issuing its\nown report, OTS would conduct a comprehensive examination that\nproduced one report.\n\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC        Page 5\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0cFor examinations conducted prior to mid-March 2005, OTS\nexaminers used only section 415 \xe2\x80\x9cEconomic Sanctions,\xe2\x80\x9d in the\nOTS Compliance Activities Regulatory Handbook, issued in\nDecember 1999, to assess OFAC-related compliance. The initial\nOFAC-related examination objective has been to determine whether\nthe financial institution is aware of the Treasury regulations that\nimpose economic sanctions against certain countries.\n\nOTS examiners also review the thrift\xe2\x80\x99s internal audit or compliance\nprogram procedures for ascertaining whether the institution is in\ncompliance with the regulations and whether the procedures were\nincluded in the internal audit\xe2\x80\x99s scope.\n\nRecent OTS Guidelines for OFAC Compliance Examinations\n\nThe OTS Examination Handbook, issued in November 2004,\nstressed that all examinations should be risk-focused, meaning that\nmore time should be expended examining higher-risk areas within\nan organization. Scoping is an integral part of a risk-focused\nexamination because it helps examiners target higher-risk areas for\nreview and determine which OTS examination procedures are\nappropriate to use.\n\nDuring our review, OTS issued additional guidance regarding the\nexamination of OFAC compliance. Examiners were directed to\nreview the thrifts\xe2\x80\x99 written policies and procedures for complying\nwith OFAC regulations, as well as the thrifts\xe2\x80\x99 work papers and\ndocumentation developed through self-assessments, periodic\ntransaction reviews, or audits.\n\nIn addition, examiners were to review blocked or rejected\ntransactions and documentation and procedures relating to how\npotential OFAC violations were reviewed and cleared. Finally,\nexaminers were to review all correspondence that OFAC may have\nhad with the thrift.\n\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC     Page 6\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0c                FFIEC Core Examination Procedures for OFAC Compliance\n\n                In June 2005, FFIEC released the BSA/AML Examination Manual.\n                The manual includes core procedures for examiners to use to\n                determine whether financial institutions are in compliance with\n                OFAC sanctions programs. (See appendix 2 for the core\n                examination procedures relating to OFAC.)\n\n                According to the BSA/AML Examination Manual, financial\n                institutions should use a risk-based approach when considering the\n                likelihood of encountering possible OFAC violations. The manual\n                recognizes that a fundamental element of sound OFAC compliance\n                is a bank\xe2\x80\x99s assessment of its product lines, customer base,\n                geographic location, the nature of its transactions, and the\n                identification of high-risk areas for OFAC transactions.\n\n                The manual also provides guidance for the use of transaction\n                testing by examiners to assess the adequacy of a financial\n                institution\xe2\x80\x99s OFAC program. Examiners, after performing a review\n                of the thrift\xe2\x80\x99s risk assessment, prior examination reports and a\n                review of the bank\xe2\x80\x99s audit findings, have the option of performing\n                transaction testing.\n\n\nAudit Results\n                OTS\xe2\x80\x99s examination work papers lacked sufficient documentation to\n                assure us that thrifts were adequately reviewing or administering\n                OFAC sanctions programs. Our review of OTS examinations of 12\n                thrifts from fiscal years 2002 through 2004 found instances of\n                inadequate documentation for critical examinations steps.\n                Specifically, we found instances in which there was little or no\n                documentation that examiners had done the following:\n\n                   \xe2\x80\xa2   Evaluated whether compliance procedures were implemented\n                       (12 thrifts)\n                   \xe2\x80\xa2   Verified the thrift\xe2\x80\x99s internal audit results of OFAC compliance\n                       (7 thrifts)\n\n\n\n\n                FOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC     Page 7\n                Compliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0c   \xe2\x80\xa2   Reviewed the thrift\xe2\x80\x99s compliance program policies and\n       procedures (6 thrifts)\n   \xe2\x80\xa2   Referenced an OFAC penalty notice (1 thrift) or OFAC\n       warning letters (3 thrifts) or in any way changed their review\n       scope as a result of the notice or letters\n   \xe2\x80\xa2   Used the thrifts\xe2\x80\x99 prohibited and rejected transactions to\n       refine the scope of their review (4 thrifts)\n\nOur efforts to evaluate and verify the examiners\xe2\x80\x99 conclusions were\nhampered by the lack of documentation. If examiners conclude that\nan institution is OFAC compliant, OTS does not require that\ndocumentation be maintained and available to support their\nconclusions. As a result, documentation is often not available to\nallow an external reviewer to verify and assess the examiners\xe2\x80\x99\nconclusions. OTS guidelines do not specify the level of testing or\nthe supporting documentation needed to substantiate OFAC\ncompliance results.\n\nThe OTS Examination Handbook stresses that proper examination\ndocumentation of procedures and subsequent conclusions should\nleave an effective audit trail. However, the handbook also directs\nexaminers to avoid excessive documentation and include only\ninformation that is relevant or may require follow-up. In addition,\nexaminers are reminded that the time spent recording extraneous\ninformation would be better used to examine high-risk areas. OTS\nmanagement expressed concern that our request for\ndocumentation would be contrary to OTS\xe2\x80\x99s longstanding standard\npractice, unduly time-consuming and incompatible with the\nagency\xe2\x80\x99s migration to an electronic work paper format.\n\nAs of April 2005, OTS issued additional written policies,\nprocedures and guidance to improve its OFAC examination\nprogram. In addition, the FFIEC issued, in June 2005, the\nBSA/AML Examination Manual which provides for uniform\nBSA/AML examination procedures for financial institution\nregulators to use to assess OFAC compliance. These new\nexamination policies, procedures, and guidance, if followed, should\nimprove examination coverage.\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC        Page 8\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0cDescription of Our Review\n\nTo assess OTS examinations of thrifts\xe2\x80\x99 compliance with OFAC\nregulations, we judgmentally selected a sample of 12 thrift\nexaminations that OTS conducted in fiscal years 2002 through\n2004. Our sample included 1 thrift that had received an OFAC\npenalty notice and 3 thrifts that had received OFAC warning letters\nfor failing to comply with OFAC regulations. The remaining 8 thrifts\nwere selected based on asset size and geographic location.\n\nAs of September 2005, the average asset value of a thrift\nregulated by OTS is approximately $1.6 billion. Our sample focused\non thrifts that exceeded the average asset size and that were\ntherefore more likely to have numerous and complex transactions.\nAs a result, we selected 4 thrifts with asset values between\n$2.0 billion and $10.6 billion and 4 additional thrifts with asset\nvalues that ranged from $15.7 billion up to $96.1 billion.\nTo achieve geographical coverage, our sample included thrifts from\nthe 4 OTS regions. We reviewed OFAC examinations for 2 thrifts\neach in Florida, California and Texas. The remaining thrifts were\nlocated in New York, Virginia, Wisconsin, New Jersey, Delaware,\nand Utah.\n\nFor each of the 12 thrifts in our sample, we requested copies of\nthe most recent examination work papers that included a review of\nOFAC compliance. In addition, we requested copies of all\ndocumentation that may have affected the scope of the OFAC\nreviews. The examination records were compiled by the OTS\nspecial counsel and were reviewed at OTS headquarters in\nWashington, D.C.\n\nOTS Examinations Did Not Always Document Thrifts\xe2\x80\x99 Internal Audit\nResults\n\nIn reviewing a thrift, OTS examiners are expected to determine\nwhether the institution\xe2\x80\x99s internal audit procedures include\nprovisions to evaluate efforts to achieve OFAC compliance. Five of\nthe 12 OTS examinations had documentation that verified that the\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC     Page 9\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0cfinancial institutions had adopted and implemented internal audit or\nindependent reviews that included OFAC compliance.\n\nSeven of the OTS examinations had no such evidence in the work\npapers. Four examinations contained statements that cited the\nresults of internal reviews but lacked documentary evidence to\nsupport the statements. The remaining 3 examinations made no\nreference as to whether internal reviews of OFAC compliance were\nconducted.\n\nOTS Examinations Lacked Documentary Evidence of Review of\nImplementation of Thrifts\xe2\x80\x99 OFAC-Related Policies and Procedures\n\nAccording to the guidance available in section 415 of the OTS\nCompliance Activities Regulatory Handbook, examiners should\ndetermine whether a thrift is satisfactorily aware of its OFAC-\nrelated responsibilities. The guidance did not offer methods for\ndetermining thrift awareness or specify the documentation required\nto support the conclusions. Our review found that work papers for\n10 of the 12 thrift examinations included copies of OFAC-related\npolicies and procedures and that work papers for 2 of the thrift\nexaminations contained no evidence of OFAC-related policies and\nprocedures.\n\nOTS examiners provided little evidence in their work papers that\nthey had verified or conducted any testing of the validity or\nreliability of the thrifts\xe2\x80\x99 OFAC-related policies and procedures. Six\nof the 12 examinations in our sample contained statements that\nOFAC-related policies and procedures were reviewed, but work\npaper documentation failed to provide evidence that the work had\nbeen performed and to support the conclusions reached. In\naddition, we saw no work paper evidence in any of the 12\nexaminations that transactional testing had been conducted to\nevaluate whether the OFAC-related policies and procedures were\nbeing implemented.\n\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC     Page 10\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0cDocumentation Was Lacking that OFAC Warning Letters Affected\nScope of Examinations\n\nOur sample of 12 thrifts included 3 thrifts that had received OFAC\nwarning letters and 1 thrift that had received an OFAC penalty\nnotice. OFAC personnel informed us that copies of warning letters\nand penalties are routinely sent to OTS personnel.\n\nOTS personnel confirmed that copies of warning letters and penalty\nnotices were sent to examiners\xe2\x80\x99 offices for future OFAC reviews.\nHowever, in our review of the OTS work papers for the\nexaminations of the 3 thrifts that received OFAC warning letters,\nwe found no references by the examiners to those letters. In the\ncase of the thrift that received a penalty notice, our review of the\nexamination work papers found evidence that the thrift had notified\nthe OTS examiner of the existence of the notice and that the\nexaminer did perform additional work to ensure that the thrift was\nin compliance in the area of concern.\n\nDocumentation Was Lacking that Existence of Prohibited and\nRejected Transactions Affected Scope of Examinations\n\nFour of the 12 thrifts in our review had reported prohibited or\nrejected transactions to OFAC. The thrifts reported these\ntransactions to their OTS examiners, who documented them in the\nwork papers. However, there was no evidence that the examiners\nhad knowledge of these prohibited transactions before they\ninitiated their examinations or that they used such information to\nrefine the scope of the examinations.\n\nConclusions\n\nThe comprehensive examination guidelines contained in the FFIEC\nBSA/AML Examination Manual and the transaction testing options\nfor OFAC compliance necessitate that examiners carefully choose\nthose procedures that meet the specific risks associated with a\nparticular institution. Therefore, it is critical that OTS examiners\njustify and document their decisions regarding the scope of their\nwork and their basis for selecting certain procedures for review and\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC     Page 11\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0c             specific transactions for testing (if testing is utilized). OTS\n             management should ensure that such decisions and conclusions are\n             adequately documented in examiners\xe2\x80\x99 workpapers.\n\nRecommendations\n\n             We recommend that the Director of OTS ensure that OTS\n             examiners do the following:\n\n             1. Use the pertinent policies and procedures in the FFIEC Bank\n                Secrecy Act/ Anti-Money Laundering Examination Manual and in\n                the OTS Examination Handbook and policy directives when\n                examining thrifts for OFAC compliance.\n\n             2. Use the OFAC scoping and planning procedures from the FFIEC\n                Bank Secrecy Act/ Anti-Money Laundering Examination Manual\n                to document the OFAC procedures performed and include the\n                procedures and the basis for OFAC conclusions in the\n                workpapers.\n\n             Management Response\n\n             OTS concurred with the first recommendation and reported that,\n             starting August 2005, all new OTS examinations with an OFAC\n             compliance component are following the applicable policies and\n             procedures contained in the BSA/AML Examination Manual, the\n             OTS Examination Handbook, and OTS policies and procedures.\n             OTS agreed with the second recommendation and will issue and\n             implement examiner guidance to ensure enhancement of OFAC\n             procedures in the fourth calendar quarter of 2006.\n\n             OIG Comment\n\n             We believe that the actions OTS states in its response, if\n             implemented as described, address the intent of our\n             recommendations.\n\n\n\n\n             FOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC     Page 12\n             Compliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0c                               ******\n\n\n\nWe would like to extend our appreciation to OTS\xe2\x80\x99s Special Counsel\nand other officials for the cooperation and courtesies extended to\nour staff during the audit. If you have any questions, please\ncontact me at (617) 223-8640.\n\n\n\n/s/\nDonald P. Benson\nDirector\n\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC     Page 13\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0c                       Appendix 1\n                       Objective, Scope, and Methodology\n\n\n\n\n                       Our objective was to determine the effectiveness of Office of Thrift\n                       Supervision (OTS) examination efforts to ensure financial institution\n                       compliance with Office of Foreign Assets Control (OFAC)\n                       requirements. This audit was performed in conjunction with an\n                       audit of OFAC\xe2\x80\x99s administration and enforcement of economic\n                       sanctions against targeted foreign countries, groups, and\n                       individuals. Because OFAC is legally limited in its ability to monitor\n                       financial institutions\xe2\x80\x99 compliance with foreign sanction\n                       requirements, OFAC depends on financial institution regulators,\n                       such as OTS, to ensure that the institutions comply with OFAC\n                       requirements.\n\n                       This audit followed up on our prior report \xe2\x80\x9cFOREIGN ASSETS\n                       CONTROL: OFAC\xe2\x80\x99s Ability To Monitor Financial Institution\n                       Compliance Is Limited Due To Legislative Impairments,\xe2\x80\x9d6 which\n                       noted the lack of transaction testing during OTS examinations of\n                       OFAC compliance.\n\n                       We reviewed the examination procedures listed in section 415,\n                       \xe2\x80\x9cEconomic Sanctions,\xe2\x80\x9d of the OTS Compliance Activities\n                       Regulatory Handbook to assess OFAC-related compliance. We also\n                       compared current OTS examination guidance for OFAC compliance\n                       with the BSA/AML Examination Manual issued by the Federal\n                       Financial Institutions Examination Council in June 2005.\n\n                       We judgmentally selected a sample of 12 thrifts and ensured that\n                       their OTS examinations included an assessment of OFAC\n                       compliance. OFAC compliance examinations for 11 of the 12\n                       thrifts were conducted in fiscal years 2003 and 2004. The OFAC\n                       examination for 1 of the thrifts was conducted in fiscal year 2002.\n\n                       Our sample included 1 thrift that was penalized by OFAC during\n                       the period under review and 3 thrifts that were issued warning\n                       letters by OFAC for failing to properly handle prohibited\n                       transactions. The remaining thrifts were selected based on asset\n                       size and geographic locations.\n\n\n\n6\n    OIG-02-082 (Apr. 26, 2002).\n\n                       FOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC     Page 14\n                       Compliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0cAppendix 1\nObjective, Scope, and Methodology\n\n\n\n\nWe requested copies of the most recent examination work papers\nthat included a review of OFAC compliance. In addition, we\nrequested copies of all documentation that may have affected the\nscope of the OFAC reviews. The examination records were\ncompiled by OTS\xe2\x80\x99s Special Counsel and were reviewed at OTS\nheadquarters in Washington, D.C.\n\nWe conducted our audit from January to September 2005 in\naccordance with generally accepted government auditing\nstandards.\n\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC     Page 15\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0cAppendix 2\nBank Secrecy Act/Anti-Money Laundering Examination Manual Excerpt\nCore Examination Procedures\n\n\n\nObjective\n\nAssess the bank\xe2\x80\x99s risk-based Office of Foreign Assets Control\n(OFAC) program to evaluate whether it is appropriate for the\nbank\xe2\x80\x99s OFAC risk, taking into consideration its products, services,\ncustomers, transactions, and geographic locations.\n\nProcedures\n\n1. Determine whether the board of directors and senior\n   management of the bank have developed polices, procedures,\n   and processes based on their risk assessment to ensure\n   compliance with OFAC laws and regulations.\n\n2. Regarding the risk assessment, review the bank\xe2\x80\x99s OFAC\n   program. Consider the following:\n\n\xe2\x80\xa2   The extent of, and method for, conducting OFAC searches of\n    each relevant department/business line (e.g., automated clearing\n    house (ACH), monetary instruction sales, check cashing, trusts,\n    loans, deposits, and investments) as the process may vary from\n    one department or business line to another.\n\xe2\x80\xa2   The extent of, and method for, conducting OFAC searches of\n    account parties other than accountholders, which may include\n    beneficiaries, guarantors, principals, beneficial owners, nominee\n    shareholders, directors, signatories, and power of attorney.\n\xe2\x80\xa2   How responsibility for OFAC is assigned.\n\xe2\x80\xa2   Timeliness of obtaining and updating OFAC lists or filtering\n    criteria.\n\xe2\x80\xa2   The appropriateness of the filtering criteria used by the bank to\n    reasonably identify OFAC matches (e.g., the extent to which\n    the filtering/search criteria includes misspellings and name\n    derivations).\n\xe2\x80\xa2   The process used to investigate potential matches.\n\xe2\x80\xa2   The process used to block and reject transactions.\n\xe2\x80\xa2   The process used to inform management of blocked or rejected\n    transactions.\n\xe2\x80\xa2   The adequacy and timeliness of reports to OFAC.\n\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC         Page 16\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0cAppendix 2\nBank Secrecy Act/Anti-Money Laundering Examination Manual Excerpt\nCore Examination Procedures\n\n\n\n\xe2\x80\xa2   The process to manage blocked accounts (such accounts are\n    reported to OFAC and pay a commercially reasonable rate of\n    interest).\n\xe2\x80\xa2   The record retention requirements (i.e., five year requirement to\n    retain relevant OFAC records; for blocked property, record\n    retention for as long as blocked; once unblocked, records must\n    be maintained for five years).\n\n3. Determine the adequacy of independent testing (audit) and\n   follow-up procedures.\n\n4. Review the adequacy of the bank\xe2\x80\x99s OFAC training program\n   based on the bank\xe2\x80\x99s OFAC risk assessment.\n\n5. Determine whether the bank has adequately addressed\n   weaknesses or deficiencies identified by OFAC, auditors or\n   regulators.\n\nTransaction Testing\n\n6. On the basis of a bank\xe2\x80\x99s risk assessment, prior examination\n   reports, and a review of the bank\xe2\x80\x99s audit findings, select the\n   following samples to test the bank\xe2\x80\x99s OFAC program for\n   adequacy, as follows:\n\n\xe2\x80\xa2   Sample new accounts (e.g., deposit, loan, trust, safe deposit,\n    investments, credit cards, and foreign office accounts,) and\n    evaluate the filtering process used to search the OFAC database\n    (e.g., the timing of the search), and documentation maintained\n    evidencing the searches.\n\n\xe2\x80\xa2   Sample appropriate transactions that may not be related to an\n    account (e.g., funds transfers, monetary instrument sales and\n    check cashing transactions), and evaluate the filtering criteria\n    used to search the OFAC database, the timing of the search,\n    and documentation maintained evidencing the searches.\n\n\xe2\x80\xa2   If the bank uses an automated system to conduct searches,\n    assess the timing of when updates are made to the system, and\n    when the most recent OFAC changes were made to the system.\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC         Page 17\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0cAppendix 2\nBank Secrecy Act/Anti-Money Laundering Examination Manual Excerpt\nCore Examination Procedures\n\n\n    Also, evaluate whether all of the bank\xe2\x80\x99s databases are run\n    against the automated system, and the frequency upon which\n    searches are made. If there is any doubt regarding the\n    effectiveness of the OFAC filter, then run tests of the system\n    by entering test account names that are the same as or similar\n    to those recently added to the OFAC list to determine whether\n    the system identifies a potential hit.\n\n\xe2\x80\xa2   If the bank does not use an automated system, evaluate the\n    process used to check the existing customer base against the\n    OFAC list and the frequency of such checks.\n\n\xe2\x80\xa2   Review a sample of potential OFAC matches and evaluate the\n    bank\xe2\x80\x99s resolution and blocking/rejecting processes.\n\n\xe2\x80\xa2   Review sample of reports to OFAC and evaluate their\n    completeness and timeliness.\n\n\xe2\x80\xa2   If the bank is required to maintain blocked accounts, select a\n    sample and evaluate that the bank maintains adequate records\n    of amounts blocked and ownership of blocked funds, that the\n    bank is paying a commercially reasonable rate of interest on all\n    blocked accounts, and that it is accurately reporting required\n    information annually (by September 30th) to OFAC. Test the\n    controls in place to verify that the account is blocked.\n\n\xe2\x80\xa2   Pull a sample of false hits (potential matches) to check their\n    handling; the resolution of a false hit should take place outside\n    of the business line.\n\n7. Identify any potential matches that were not reported to OFAC,\n   discuss with bank management, advise bank management to\n   immediately notify OFAC of unreported transactions, and\n   immediately notify supervisory personnel at your regulatory\n   agency.\n\n8. Determine the origin of deficiencies (e.g., training, audit, risk\n   assessment, internal controls, management oversight,) and\n   conclude on the adequacy of the bank\xe2\x80\x99s OFAC program.\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC         Page 18\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0c Appendix 2\n Bank Secrecy Act/Anti-Money Laundering Examination Manual Excerpt\n Core Examination Procedures\n\n\n 9. Discuss OFAC related examination findings with bank\n    management.\n\n10. Include OFAC conclusions within the report of examination, as\n    appropriate.\n\n\n\n\n FOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC         Page 19\n Compliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0cAppendix 3\nManagement Response\n\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC     Page 20\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0cAppendix 3\nManagement Response\n\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC     Page 21\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0cAppendix 4\nMajor Contributors to This Report\n\n\n\n\nStephen Syriala, Audit Manager\nThomas Mason, Auditor-In-Charge\nHorace Bryan, Referencer\nEsther Tepper, Communications Analyst\n\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC     Page 22\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0cAppendix 5\nReport Distribution\n\n\nDepartment of the Treasury\n\nUnder Secretary, Office of Terrorism and Financial Intelligence\nAssistant Secretary, Terrorist Financing and Financial Crimes\nOffice of Strategic Planning and Performance Management\nOffice of Accounting and Internal Control\n\nOffice of Thrift Supervision\n\nDirector\n\nOffice of Foreign Assets Control\n\nDirector\n\nOffice of Management and Budget\n\nOIG Budget Examiner\n\n\n\n\nFOREIGN ASSETS CONTROL: Assessing OTS\xe2\x80\x99s Examination of OFAC     Page 23\nCompliance Was Hampered by Limited Documentation (OIG-06-044)\n\x0c'